Posts

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) addressing the issues, which are rated with a CVSS score of 10. "The vulnerabilities, allocated CVE IDs CVE-2020-11651 and CVE-2020-11652, are of two different classes," the cybersecurity firm said. "One being authentication bypass where functionality was unintentionally exposed to unauthenticated network clients, the other being directory traversal where untrusted input (i.e., parameters in network requests) was not sanitized correctly allowing unconstrained access to the entire filesystem of the master server." The researchers warned that the flaws could be...

New Android Malware Steals Banking Passwords, Private Data and Keystrokes

A new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes. Called "EventBot" by Cybereason researchers, the malware is capable of targeting over 200 different financial apps, including banking, money transfer services, and cryptocurrency wallets such as PayPal Business, Revolut, Barclays, CapitalOne, HSBC, Santander, TransferWise, and Coinbase. "EventBot is particularly interesting because it is in such early stages," the researchers said. "This brand new malware has real potential to become the next big mobile malware, as it is under constant iterative improvements, abuses a critical operating system feature, and targets financial applications." The campaign, first identified in March 2020, masks its malicious intent by posing as legitimate applications (e.g., Adobe Flash...

Law Enforcement and Microsoft Shut Down a Major Malware Attack by Mapping 400,000 IPs

Microsoft’s Digital Crimes Unit (DCU) uncovered an IoT botnet operation that increased 100 times within one month. Analyzing further, the DCU team was able to map 400,000 publicly available IPs and narrow them down to 90 suspicious IPs. Botnets continue to grow, as threat actors can abuse millions of devices to carry out malicious activities. Out of the 90 suspicious IPs, DCU was able to identify one IP associated with the distribution of several malicious activities, including malware, phishing emails, ransomware, and DDoS attacks. DCU reported the issue to Taiwan’s Ministry of Justice Investigation Bureau (MJIB), which quickly tracked down the illegal VPN IP and the accounts behind it. Cybercriminals generally use compromised PCs to launch cyberattacks, but in this case an IoT LED light control console was used. MJIB managed to shut down the device quickly. “This case marks a milestone. That’s because we were able to take down the IoT device and secure the br...

One-of-a-Kind Attack Using Malicious USB Drives Infects ~35k PCs With a Crypto-Mining Botnet

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. The botnet, named "VictoryGate," has been active since May 2019, with infections mainly reported in Latin America, Peru alone accounting for 90% of the compromised devices. "The main activity of the botnet is mining Monero cryptocurrency," ESET said. "The victims include organizations in both public and private sectors, including financial institutions." ESET said it worked with dynamic DNS provider No-IP to take down the malicious command-and-control (C2) servers and that it set up fake domains (aka sinkholes) to monitor the botnet's activity. The sinkhole data shows that between 2,000 and 3,500 infected computers connected to the C2 servers on a daily basis during February and March this year. According to ESET researcher...

New Zoom Flaw Lets Hackers Record Meetings Anonymously Even When Recording Is Disabled

A new Zoom flaw lets hackers record Zoom meeting sessions and capture the chat text without the knowledge of meeting participants, even when the host has disabled the recording option for participants. Zoom is an online video communication platform that offers video conferencing, online meetings, chat, and mobile collaboration. Security researchers from Morphisec Labs observed a new vulnerability that lets malware inject itself into the Zoom process without any user interaction, even with the recording option disabled for the user. During recording, none of the participants are aware that the session is being recorded, and the Zoom malware has full control over the outputs. This opens a way for hackers to spy on Zoom sessions, at a time when hackers have already started selling thousands of Compromised Usernames and Passwords of Zoom Accounts Listed on Dark Web Forum. “Furthermore, Zoom is usually a trusted application; turning it into an info-stealer in...

IT Services Giant Cognizant Hit by Maze Ransomware Cyber Attack

Cognizant Technology Solutions Corp, one of the largest IT services providers, was hit by a Maze ransomware cyber attack that caused service disruptions to its clients. The company has more than 300,000 employees and provides IT services, including digital, technology, consulting, and operations services. The company started emailing its clients on Friday, stating that its internal systems had been hit by a Maze ransomware attack. “Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack,” reads the company statement. Vitali Kremez @VK_Intel: High alert related to yet another ransomware attack perpetrated by the Maze group possibly affecting @Cognizant. Reviewing & mitigating against the usual Maze TTPs (including RDP + remote services as an attack vector) is advisable. Pushed #YARA https://github.c...